I am running a roadwarrior setup with auth-method=digital-signature. Sever and client certificates are signed by my CA, the CA is imported under System - Certificates and set as trusted.
If I add a different trusted CA (third-party, I don’t want to give access to my tunnel from it), will my tunnel start accepting certificates from it?
Does RouterOS select the same CA as server certificate for client verification when remote-certificate=none?
It only says this on wiki.
If remote-certificate is not specified then received certificate from remote peer is used and checked against CA in certificate menu